Rootkits: Subverting the Windows Kernel


Index


Data bus

DATA BYTE for keyboard ports

DbgPrint statement

DDK (Driver Development Kit)

Debug statements, logging

Debug View tool

Decompressing .sys files

Deferred Procedure Calls (DPCs)

Descriptor checks

Descriptor privilege levels (DPLs)

DetermineOSVersion function

Detour patching 2nd

     function byte checking in

     NonPagedPool memory for

     overwritten instruction tracking

     rerouting control flow

     runtime address fixups in

DetourFunctionNtDeviceIoControlFile function

DetourFunctionSeAccessCheck function

Device drivers. [See Drivers]

Device IRQLs (DIRQLs)

DEVICE_EXTENSION structure

DeviceIoControl function 2nd

DeviceTree utility 2nd

Direct code-byte patching method

Direct Kernel Object Manipulation (DKOM)

     benefits and drawbacks

     device driver communications

     hiding with

         device drivers

         processes

         synchronization issues

     operating system version determination

     process token privilege and group elevation with

         adding SIDs to tokens

         finding tokens

         log events in

         modifying tokens

DIRQLs (Device IRQLs)

Disguised TCP/IP protocols

     ASCII payloads in

     DNS requests in

     encryption in

     timing in

     traffic patterns in

DISPATCH_LEVEL

DispatchPassDown function

DispatchRead function 2nd

DKOM. [See Direct Kernel Object Manipulation (DKOM)]

DLLs

     forwarding

     injecting into processes

     listing

DNS (Domain Name Service)

DPCs. [See Deferred Procedure Calls (DPCs)]

DPLs. [See Descriptor privilege levels (DPLs)]

DrainOutputBuffer function 2nd

Driver Development Kit (DDK)

Driver tables for IRPs

DRIVER type

DRIVER_OBJECT structure

DriverEntry function

     detour patches

     device driver communication

     file filter drivers

     file handles

     I/O request packets

     IDTs

     jump templates

     kernel hooks

     keyboard LEDs

     keystroke monitors

     processes

     protocol registering

     runtime patching

     scancode mapping 2nd

     SSDT hooks

     symbolic links

     threads in 2nd

     Windows device drivers 2nd

Drivers

     communicating with

     for introducing code into kernel

     for network operations

     hiding

     layered

         file filter

         keyboard sniffers

         KLOG rootkit for

     loading

     Windows. [See Windows device drivers]

DriverUnload function
